Re: [gentoo-user] postfix: /etc/postfix/aliases or /etc/mail/aliases ?
On Mon, Jul 12, 2021 at 01:21:14PM +1000, Adam Carter wrote: > The location is currently configured in main.cf; > # postconf alias_maps > alias_maps = hash:/etc/postifix/aliases That's a non-default value. /etc/mail/aliases is the gentoo default. Changing the default is fine but you need to let postfix create the db file as well if you want to use /etc/postfix as your aliases location. > And looks like the installer puts the original alias file there too, so I > assume my config is per the default config; > # qlist postfix | grep aliases > /etc/postfix/aliases yes postfix-install command places aliases file - along with a few others - into standart configuration directory. It is somewhat of an hassle to remove them as other commands expect at least some of them to be present. > But this; > # grep aliases /lib/systemd/system/postfix.service > ExecStartPre=-/usr/bin/newaliases > ReadWritePaths=-/etc/mail/aliases.db > > Suggests that /etc/mail is the correct location, so i'm wondering if i > missed an update to postfix.service. Can a postfix user please check their > ReadWritePaths to see if it's /etc/mail/aliases.db or > /etc/postfix/aliases.db ? Cheers. Two options: 1/ use dafaults, i.e. /etc/mail/aliases 2/ use a custom location but then change postfix.service to give r/w access to the new aliases.db location I'd go with option #1 if you do not have a strong preference either way. -- Eray
Re: [gentoo-user] tips on running a mail server in a cheap vps provider run but not-so-trusty admins?
On Sat, Aug 22, 2020 at 09:17:56PM +0100, Ashley Dixon wrote: > On Sat, Aug 22, 2020 at 04:15:38AM +, Caveman Al Toraboran wrote: > > just to double check i got you right. due to > > flushing the buffer to disk, this would mean that > > mail's throughput is limited by disk i/o? [...] > When an M.T.A. encounters mail, the content of the mail will first exist in > the > M.T.A.'s local memory, in a buffer. Before sending an "OK" to the > sending > server, it should first make an attempt to write it to disk, through an > fwrite > (stdio) or write (POSIX) call. At that point, it is, in theory, the > kernel's > choice if and when it is _actually_ written to disk, but if one of > the > aforementioned functions return a success code, the M.T.A. has done its bit, > and > can consider the message "safely stored". true and yes given a sink willing to accept your throughput, an mta is generally disk i/o bound -- Eray
Re: [gentoo-user] Ansible, puppet and chef
On Tue, Sep 16, 2014 at 10:43:18PM +0200, Alan McKinnon wrote: Puppet seems to me a good product for a large site with 1000 hosts. Not so much for ~20 or so. I find that for a few machines, puppet is overkill. For a lot of machines, puppet can become unmanageable - with puppet master and security being the culprit. We have used puppet a lot but recently settled on salt (strictly speaking not my decision so cannot really compare it with ansible) and we are happy with the outcome. You might want to consider app-admin/salt as well. -- Eray
Re: [gentoo-user] Re: Secure DNS servers
On Mon, Jun 16, 2014 at 07:57:31PM +, James wrote: Any guidance of those? When I have a choice, I go with nsd for authoritive and with unbound for recursive dns servers. Bind is also a popular alternative. Anyone and Everyone is encouraged to chime in on dns server Try to seperate your authorative and recursive dns servers. Learn to use dig. On Mon, Jun 16, 2014 at 02:49:39PM -0400, Michael Orlitzky wrote: iptables -A INPUT -p ALL -m conntrack --ctstate ESTABLISHED,RELATED \ -j ACCEPT Careful with conntrack. It is OK for a home/hobby server. For a high volume dns server, you don't want to reach conntrack limits before you reach the limits of your dns software - which are usually much higher. A stateful firewall for a dns server is not always a good choice - do not make it easier to DoS. -- Eray Aslan e...@gentoo.org
Re: [gentoo-user] ssmtp alternatives: msmtp vs. dma
On 12/5/12 7:28 AM, Grant wrote: I was setting up ssmtp but I realized it isn't being maintained and there are a couple of alternatives called msmtp and dma. Can anyone recommend one of these over the other? msmtp and nullmailer are good choices as light weight MTAs. I hope to change the default mta from ssmtp to one of them in semi-near future (probably nullmailer now that it has TLS/SSL support). -- Eray Aslan e...@gentoo.org
Re: [gentoo-user] courier-imap cannot find courier-authlib
On Fri, Nov 02, 2012 at 08:05:34AM -0400, Mike Edenfield wrote: Is anyone else seeing this problem, or know how to make it go away? Should be fixed in =courier-authlib-0.65.0-r2. In the meantime, try -r1 with the static-libs USE flag. -- Eray
Re: [gentoo-user] GSSIAPIKeyExchange is not supportd on OpenSSH_5.9p1
On Wed, Sep 5, 2012 at 12:06 PM, Ali Gholami ghol...@kth.se wrote: .ssh/config: Bad configuration option: GSSAPIKeyExchange That config option needs a separate patch which has been around for ages but upstream OpenSSH maintainers are being an arse^H^H^H^H uncooperative. Sadly, Gentoo decided not to ship it anymore. See: https://bugs.gentoo.org/show_bug.cgi?id=115553 -- Eray
Re: [gentoo-user] newaliases - unsupported map type: hash
On Fri, Aug 31, 2012 at 3:06 AM, Joseph syscon...@gmail.com wrote: I just upgraded to postfix-2.9.3 and not getting any local mail. When I type newaliases I get: postalias: fatal: unsupported map type: hash Do not turn off the berkdb USE flag if your setup uses hash or btree lookups. There is a warning in the ebuild output for -berkdb. Please let me know if it did not work for you. Eray
Re: [gentoo-user] HEADS UP - postfix-2.9.0 is broken
On Tue, Feb 07, 2012 at 01:58:33PM +0700, Pandu Poluan wrote:
S... I'm still on 2.8.7. Is it safe to upgrade to 2.9.0-r1 ?
Yes, it should be OK as long as you run etc-update/dispatch-conf/similar
after the upgrade. Postfix daemons now live under /usr/libexec/postfix
(not under /usr/lib{,64)/postfix). Adjust your main.cf accordingly.
I'll add a warning to the ebuild.
--
Eray Aslan e...@gentoo.org
Re: [gentoo-user] HEADS UP - postfix-2.9.0 is broken
On Mon, Feb 06, 2012 at 06:51:51PM +0100, Andrea Conti wrote: Luckily the error messages are informative enough... but let's say that a word of caution in the emerge message would have been welcomed. There is a warning printed if you emerged without the berkdb flag when you upgraded from postfix-2.9. Please let me know if it did not work for you. -- Eray Aslan e...@gentoo.org
Re: [gentoo-user] netqmail blocks maildrop requiered by qmail-scanner.
On Thu, Aug 18, 2011 at 08:47:08PM -0700, fe...@crowfix.com wrote: Someone told me to set -tools for maildrop in package.use. I looked up what that does but forget now, so presumably it's not terribly important on my system. Still puzzling. maildrop, netqmail, courier-imap all install the same file(s) leading to a file collision. See bug #61116 for the gory details. Basically, with -tools, we do not intall them. Tying conflicting files to a USE flag does not make me happy either but it was better than status quo. An argument can be made though to not enable the tools flag by default. -- Eray Aslan e...@gentoo.org signature.asc Description: Digital signature
Re: [gentoo-user] drbd primary standalone ...
On 2011-07-12 2:50 PM, Stefan G. Weichinger wrote: Where should I add drbdadm primary all to the init-scripts to fix that temporarily? Usually it is the resource manager's (such as pacemaker) job to decide which node becomes primary. If you are not using one, you might want to check become-primary-on directive in drbd.conf -- Eray Aslan e...@gentoo.org
Re: [gentoo-user] Circular blockage
On Mon, Mar 28, 2011 at 11:16:48PM +0100, Peter Humphrey wrote: How do I get out of this? Re-sync your tree. Temp breakage when virtual/mta was added to the tree. Sorry about that. -- Eray
Re: [gentoo-user] Re: OT: advice sought on new laptop for Gentoo
On 07.09.2010 15:29, Alan McKinnon wrote: I figure that just like a top-grade mechanic should be looking at SnapOns or similar in his toolbox, this here sysadmin also needs high quality tools. My chief tool is my notebook. It's the weight not the price that is the deciding factor us. I guess depends on how much traveling you do. There is no one final ultimate answer. It depends. Labeling low res solutions as cheap crap was uncalled for. -- Eray
Re: [gentoo-user] configure error - how to debug
On 06.07.2010 18:55, Helmut Jarausch wrote: ./configure: line 14859: test: too many arguments Looking at this line it shows if test $ax_python_header != no; then Wild guess (since you did not mention which ebuild): quote the variable and try again, i.e. something like - if test $ax_python_header != no; then + if test $ax_python_header != no; then -- Eray
Re: [gentoo-user] Two openvpn tunnels... and /etc/init.d et al.
On 06.07.2010 08:17, Steve wrote: What's the recommended gentoo way to launch two openvpn instances? (I assume that's what's required...) $ ls -l /etc/init.d/openvpn* -rwxr-xr-x 1 root root 4198 Feb 17 08:31 /etc/init.d/openvpn lrwxrwxrwx 1 root root7 Mar 1 12:28 /etc/init.d/openvpn-interoffice - openvpn $ ls -l /etc/openvpn/*.conf -rw-r--r-- 1 root root 10356 Mar 1 15:32 /etc/openvpn/openvpn-interoffice.conf -rw-r--r-- 1 root root 10351 Mar 4 23:10 /etc/openvpn/openvpn.conf i.e. make a soft link to openvpn init script and make a seperate conf file with the same name as the new init script in your config directory (usually /etc/openvpn). Init script starts openvpn with the correct config file. -- Eray
Re: [gentoo-user] Re: Kernel upgrade and now LUKS failure
On Tue, May 18, 2010 at 08:57:58PM +0200, Stefan G. Weichinger wrote: Am 18.05.2010 19:57, schrieb Jan Engelhardt: Ok, I see. So my current setup with one disk only and SSL-generated keyfile does not add security but flexibility (being able to switch passwords more quickly). Keep the keyfile in a usb-stick if you can. Decrypting the hard disk will require both the usb-stick and the password, i.e. two factor authentication. -- Eray
Re: [gentoo-user] {OT} hardening SSL without rejecting users
On 27.04.2010 05:19, Grant wrote: I've been advised to harden my SSL in the following ways: 1. disable SSL 2.0 Agreed. There is no need to support SSL 2.0 anymore. 2. disable use of SSL ciphers which offer either weak or no encryption For maximum compatibility, support AES, RC4 and 3DES (and up). There is no need to support weaker ciphers. 3. disable anonymous SSL ciphers Correct. There is no need except in emergencies (actual interoperability problems with mandatory TLS destinations). But it should be the default anyway. In general, try to * use a private key that is at least 2048 bits long * do not offer ciphers below 128 bits * do not support SSLv2 * do not offer anonymous Deffie Hellmann (ADH) * generate new keys for each certificate (do not reuse keys) * support/offer TLS 1.0 and better -- Eray
Re: [gentoo-user] custom package make options?
On Sun, Apr 18, 2010 at 02:46:58PM -0400, David Mehler wrote: I've got a box with two processors so i have MAKEOPTS set to -j2. One package gnome breaks during compile under these circumstances so am wanting to install it and only it with MAKEOPTS set to -j1 i'm thinking i have to put a file somewhere to pass custom make options to emerge gnome, but not sure where. echo 'MAKEOPTS=-j1' /etc/portage/env/$CATEGORY/$PN for example: echo 'MAKEOPTS=-j1'/etc/portage/env/gnome-extra/evolution-data-server -- Eray
Re: [gentoo-user] STARTTLS verification problem
On 10.04.2010 11:08, Mick wrote: Apr 9 21:45:47 my_box sendmail[4013]: STARTTLS=client, relay=smtp.comcast.net, version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA- AES256-SHA, bits=256/256 Any idea why this is happening? Nothing to worry about. It just means you do not trust the certificate issuer for smtp.comcast.net. For smtp delivery, this is perfectly fine. See below: $ openssl s_client -connect smtp.comcast.net:25 -starttls smtp [...] SSL-Session: [...] Verify return code: 20 (unable to get local issuer certificate) versus when I tell it to trust some CAs (including verisign) on the local machine: openssl s_client -connect smtp.comcast.net:25 -starttls smtp -CApath /etc/ssl/certs/ [...] SSL-Session: [...] Verify return code: 0 (ok) -- Eray
Re: [gentoo-user] STARTTLS verification problem
On 10.04.2010 18:12, Robin Atwood wrote: That's very interesting, I have puzzled about STARTTLS stuff for years! How do I make sendmail trust the CAs? This is neither necessary nor recommended for TLS. define(`CERT_DIR',`/etc/mail/certs') define(`confCACERT_PATH',`CERT_DIR') define(`confCACERT',`CERT_DIR/cacert.pem') define(`confSERVER_CERT',`CERT_DIR/cert.pem') define(`confSERVER_KEY',`CERT_DIR/key.pem') define(`confCLIENT_CERT',`CERT_DIR/cert.pem') define(`confCLIENT_KEY',`CERT_DIR/key.pem') These 3 files (cacert.pem, cert.pem, key.pem) are for your own server. It has been awhile since I used sendmail, but adding CA certificates to CACERT_PATH should make sendmail trust them. Again, this is contrary to best practices. Do not trust third party CA certificates unnecessarily. It might come back and bite you. -- Eray
Re: [gentoo-user] STARTTLS verification problem
On 10.04.2010 19:04, Mick wrote: On Saturday 10 April 2010 16:32:37 Eray Aslan wrote: On 10.04.2010 18:12, Robin Atwood wrote: That's very interesting, I have puzzled about STARTTLS stuff for years! How do I make sendmail trust the CAs? This is neither necessary nor recommended for TLS. Why would that be? Who do you trust and for what? Adding various third party CA certificates, i.e. using a PKI infrastructure for SMTP for the general public: Pros: None Cons: * If you ever do certificate based access control, you will be in for a surprise. * MTA's TLS codes are well known for the more populer ones. However, code paths that deal with a lot of CA certs are seldom used. There might be corner cases. On a more general note, please ask yourself Do I really need a PKI? and avoid PKI if you can. It is a mess and is not the way forward. -- Eray
Re: [gentoo-user] Which IPSEC to go?
On 24.01.2010 23:38, Konstantinos Agouros wrote: since I am a while out of the game of doing ipsec with Linux: What's the way to go? Strongswan/Openswan or ipsec-tools for kame/racoon. Emerge -p gave me some ~ for ipsec-tools while openswan goes without. Any input welcome. I need this for a road warrior setup. Assuming you will want to support windows clients as well, openswan and openvpn are the populer choices. There has been some mention of questionable code quality for openswan so you might want to check if openvpn fits your needs first. Personally, I would stay away from kame/racoon. -- Eray
Re: [gentoo-user] Devicekit - especially just for Dale
On Sun, Jan 17, 2010 at 09:39:27AM -0600, Dale wrote: From my understanding, isn't the same guy doing devicekit that did hal? I'm not saying it won't be better because it should be. From what I read a good while back, he learned a lot about the pitfalls of hal. He, most likely, will know best how to do it differently this time. It is usually done right in the third version. First one too small, second one too big, third one just right :) I think it is called Second System Effect I guess we will see if it is. -- Eray
Re: [gentoo-user] Quick quesition regarding linux-2.6.31.x and gentoo-sources-2.6.31-rx
On Thu, Nov 19, 2009 at 03:49:19PM -0500, Marcus Wanner wrote: I was just wondering if a package such as gentoo-sources-2.6.31-r6 uses kernel 2.6.31.6, or just 2.6.31. I have been digging through timestamps and the like for a while, but I just can't figure it out. http://sources.gentoo.org/viewcvs.py/linux-patches/genpatches-2.6/tags/ -- Eray
Re: [gentoo-user] strange cron messages...
On 17.11.2009 10:59, Neil Bothwick wrote: Then how do you get the server to use the new logfile names each day/week? It creates and uses a new file each hour/day/etc. Perhaps, you missed the file(...) directive? I didn't miss it. My question was how to you get the process to USE the new file. Unless you SIGHUP the process, it will continue using the config in pace when it started. Last sentence is correct. What you are missing is that the config says to start a new file each day/hour/etc. syslog-ng does not evaluate the file() expression once at startup and then treat it as a constant. # ls /var/log/HOSTS/north/|tail -n5 north.2009.07.log.gz north.2009.08.log.gz north.2009.09.log.gz north.2009.10.log.gz north.2009.11.log There was no SIGHUP involved. You only need to send a SIGHUP to the server using that log facility, so syslog would not be affected in your example. I can't parse this. The point is avoiding SIGHUP so that we do not miss any log messages. You wouldn't miss a log messsage by sending a SIGHUP to your mail server, the logger woulsd keep running. When syslog-ng cannot process messages for whatever reason, it will buffer them. When the buffer is full, it will drop the messages. There is no need to add to the load and increase message loss probability with SIGHUP (think of a central log server). -- Eray
Re: [gentoo-user] strange cron messages...
On 17.11.2009 17:08, Neil Bothwick wrote: You wouldn't miss a log messsage by sending a SIGHUP to your mail server, the logger would keep running. When syslog-ng cannot process messages for whatever reason, it will buffer them. When the buffer is full, it will drop the messages. There is no need to add to the load and increase message loss probability with SIGHUP (think of a central log server). How does sending a SIGHUP to smtpd increase the load on the syslog server? Ugh, smtpd? Where did that come from? There was no mention of smtpd in the thread. Hectic day at work? :) -- Eray
Re: [gentoo-user] strange cron messages...
On 15.11.2009 13:45, Mick wrote:
On Saturday 14 November 2009 16:53:24 Alex Schuster wrote:
I assume you are using logrotate, and have the /etc/logrotate.d/kernel
file? I guess the 'compytruncate' is misspelled and should be
'copytruncate'. And 'endscript' is used after using 'prerotate' or
'postrotate', which you probably do not have.
Something like that, I never used logrotate by myself. See the man page
for more information.
Hmm ... how do you keep your log files under control?
Use time-based file names. For syslog-ng something like:
destination mail {
file(/var/log/mail/$YEAR/$MONTH/$DAY/$HOUR
template($ISODATE $HOST $MSG\n) template_escape(no)
owner(root) group(log) perm(0640)
dir_owner(root) dir_group(log)
dir_perm(02750) create_dirs(yes));
};
destination msgs {
file(/var/log/msgs/$YEAR/$MONTH/$DAY/$HOUR
template($ISODATE $HOST $MSG\n) template_escape(no)
owner(root) group(log) perm(0640)
dir_owner(root) dir_group(log)
dir_perm(02750) create_dirs(yes));
};
source local { unix-dgram(/dev/log); pipe(/proc/kmsg);
internal(); };
filter mail { facility(mail); };
filter notmail { not facility(mail); };
log { source(local); filter(mail); destination(mail); };
log { source(local); filter(notmail); destination(msgs); };
Important points:
- unix-dgram is good
- Use template() to determine the format
- No need to logrotate with time based filenames. Hence, no need to
kill -HUP the syslog daemon. No missed logs.
- Easier to get the log files to a central server with time based
filenames.
- log group is for transfering the log files to a central server
--
Eray
Re: [gentoo-user] strange cron messages...
On 16.11.2009 10:08, Graham Murray wrote: Eray Aslan eray.as...@caf.com.tr writes: - No need to logrotate with time based filenames. Hence, no need to kill -HUP the syslog daemon. No missed logs. But you still need some system (eg tmpwatch) to delete old log files otherwise the disk will (eventually) fill with log files. Logrotate automatically handles the number of/how long to keep logs. If you want to be complete, you compress old log files, transfer them to the central log server and delete them when they are old enough. These are done with a few trivial scripts run via cron. If that seems like too much work for questionable benefit, by all means use logrotate. -- Eray
Re: [gentoo-user] strange cron messages...
On 16.11.2009 14:46, Neil Bothwick wrote:
On Mon, 16 Nov 2009 09:05:18 +0200, Eray Aslan wrote:
- No need to logrotate with time based filenames. Hence, no need to
kill -HUP the syslog daemon. No missed logs.
Then how do you get the server to use the new logfile names each
day/week?
It creates and uses a new file each hour/day/etc. Perhaps, you missed
the file(...) directive? Reposting for your reference:
destination mail {
file(/var/log/mail/$YEAR/$MONTH/$DAY/$HOUR
[...]
You only need to send a SIGHUP to the server using that log
facility, so syslog would not be affected in your example.
I can't parse this. The point is avoiding SIGHUP so that we do not miss
any log messages.
OP asked how one manages log files without logrotate and the answer is
with time based file names. It has the additional benefit of avoiding
SIGHUP.
--
Eray
Re: [gentoo-user] Migration to baselayout2 / openrc
On 10.10.2009 13:01, meino.cra...@gmx.de wrote: On gentoo web I found this: 2. Migration to OpenRC Migration to OpenRC is fairly straightforward; it will be pulled in as part of your regular upgrade process by your package manager. PPP startup scripts still do not work with openrc. Just a heads up in case you use them. -- Eray
Re: [gentoo-user] {OT} zflashpoint for Linux? (SSD performance accelerator)
On 09.08.2009 16:13, Florian Philipp wrote: [..] When you think about the situation, laptop-mode might actually make the situation worse. You see, it was originally developed to help HDDs staying in standby for longer periods by delaying writes until a read action causes the drive to spin up or some period of time has passed. At this point, all writes should happen in one short burst. However, with slow SSDs, these bursts might actually cause the stuttering you experience. This is especially true when the writes delay a read action. I'm not sure whether the disk scheduler prefers reads over writes but it certainly would help. Reads do get higher priority by default. They are synchronous afterall. Problem usually occurs when reads get interspersed with random writes, i.e. when start you getting lots of seeks. But good SSDs don't care. Only HDDs do. And maybe bad SSDs, too. There is no need to keep an SSD idle as there is no kind of standby like HDDs have.[1] Therefore I think a better solution would be treating write actions as batch jobs: You do them only when there is nothing better to do (i.e. no read action). Until then, you keep them in a large write cache. It is not that easy (it never is?). There are a lot of trade-offs as can be witnessed by the variety and complexity of the disk schedulers. I'm not sure if there is such a system, yet. Maybe you should try out XFS as it already implements a very aggressive write cache. I'd be very interested in benchmarks for Ext4 vs. XFS on slow SSDs but I wouldn't bet on seeing one soon. I suppose simulating and measuring such a usage pattern isn't a simple task. Well, work with email (email causes a lot of filesystem syncs typically) while dd'ing a big file repeatedly in the background. Should be close enough. Both latency (stutters) and throughput are important. -- Eray
Re: [gentoo-user] emerge --update --newuse too eager?
On 13.07.2009 10:11, Helmut Jarausch wrote: would anybody please be so kind to explain to me how emerge --update --newuse --deep @system @world works. E.g. it wants to re-emerge sys-devel/gcc because of the new use flag nptl according to [ebuild R ] sys-devel/gcc-4.4.0 USE=nptl%* [ebuild R ] sys-devel/gcc-4.3.3-r2 USE=nptl%* But, looking at the corresponding ebuild files they don't use (IUSE or other) such a use flag. But why then does emerge want to rebuild those packages.? nptl USE flag comes from toolchain.eclass. Almost all the work for the ebuild is done in the toolchain.eclass for gcc. nptl flag was recently added to enable thred local storage for nptl/uclibc users: http://sources.gentoo.org/viewcvs.py/gentoo-x86/eclass/toolchain.eclass?r1=1.400r2=1.401 -- Eray
Re: [gentoo-user] Machine doesn't respond to broadcast ping.
On 25.06.2009 07:34, Stroller wrote: I've got one machine here on the LAN which isn't responding to broadcast ping. Any idea why not? You need to set icmp_echo_ignore_broadcasts to 0. Default is 1, mainly for dos prevention: # sysctl net.ipv4.icmp_echo_ignore_broadcasts=0 -- Eray
Re: [gentoo-user] [postfix - bug?] error in master.cf - problem with restart
On 22.06.2009 13:02, Marcin Niskiewicz wrote: I noticed that when someone makes an error in master.cf http://master.cf (for example write anything at the beginning of the file) and then restart postfix there is a problem: postfix is stopped (that's ok), then it should be started but it isn't (in log something like postfix/master[1649]: fatal: /etc/postfix/master.cf http://master.cf: line 4: bad transport type: ==) and there is no error shown on console ( echo $? - shows 0 ) and then when we try to restart (or start) postfix again - we can't - unless we delete /var/lib/init.d/started/postfix file (it's not deleted while restarting) is it a bug or we're doing sth wrong?! Postfix init script just calls postfix(1) which calls postfix-script which calls master(8). Exit codes do not get back to the terminal. Use postfix status to check whether the mail system is running. -- Eray
Re: Tweaks for SSDs [Was: [gentoo-user] [ot] no more inodes]
On Sat, May 30, 2009 at 02:40:34PM +0100, Neil Bothwick wrote: On Sat, 30 May 2009 12:06:04 +0200, Florian Philipp wrote: Delaying commits with ext4 and/or laptop-mode will reduce the wear-down of your SSD but it might as well freeze your system when the actual commit takes place because these things tend to have a terribly low write performance. That may explain the pauses I get from time to time. Maybe shortening the commit period will help. Couple of points regarding the pauses, SSDs, schedulers and ext3/ext4: * try ext4 with its delayed allocation. It should help with pauses * ext3 with data=writeback should help. Some security implications with data=writeback tho. So be careful if it is not a single user machine. * Deadline scheduler has more throughput than CFQ or anticipatory but it is totally unusable under load * A lot of patches to ext3 and ext4 for a/m pauses and SSDs. Some made it to kernel 2.6.30 I believe. * Try CFQ and NOOP as schedulers for SSDs for now. After the above patches, CFQ should be the better choice. Basically, a lot of changes to ext3/ext4 and schedulers at the moment. I would wait for at least kernel 2.6.31 before trying alternatives and making decisions. Or I could try btrfs, which has an ssd mount option. Ugh. Even on-disk format is not finalized yet. -- Eray
Re: [gentoo-user] 'if echo hello' in .bashrc
On 08.05.2009 17:10, Alan McKinnon wrote: if echo hello|grep --color=auto l /dev/null 21; then export GREP_OPTIONS='--color=auto' GREP_COLOR='1;32' fi to ~/.bashrc Why does he echo hello, please? Some greps (like BSD one) might not support '--color' option, so echo hello|grep --color=auto l will return error code, skipping if clause, and won't break grep operation by adding an unsupported option. except that STDERR is combined with STDOUT and sent to /dev/null so the script will never get it, the if is always true and the entire check is redundant. Better would be if echo hello|grep --color=auto l /dev/null ; then No. We do not want any output from echo|grep. We just want the exit code so that the following export statement gets executed iff grep returns with no errors. -- Eray
Re: [gentoo-user] autorespond
On 29.04.2009 14:30, Neil Bothwick wrote: In fact, all that's needed is already there (just the other way round, though): every list I'm subscribed to adds a Precedence header field (with values of bulk or list) to the messages. A sane auto-responder will not send replies to messages containing this header field. Good idea, I'll rewrite the procmail rules I use... not that I'm going on holiday for a while :( You should check not only Precedence: Bulk headers but List: headers, Auto-Submitted: headers, owner-foo envelopes, foo-request@ envelopes, Precedence: Junk headers ... See RFC 3834 for recommendations: http://www.ietf.org/rfc/rfc3834.txt -- Eray
Re: [gentoo-user] Re: eliminating packages/ebuilds from the portage tree
On Thu, Apr 09, 2009 at 11:32:22AM +0200, Alan McKinnon wrote: is there a good reason to remove them, instead of masking? If you like spending half a day masking hundreds and hundreds of packages using an inflated package.mask, then no, there's no good reason :) The OP said a couple of packages, so package.mask is the best bet. Give OP the benefit of doubt that he might know what he is asking and why. PORTAGE_RSYNC_EXTRA_OPTS is probably not the best way - if one of those packages is in a DEPEND that is needed somewhere, portage will throw a hissy fit about missing stuff. If masked, at least you get a parseable error message # mv /usr/portage/dev-libs/apr /tmp/ # emerge -va apache These are the packages that would be merged, in order: Calculating dependencies... done! emerge: there are no ebuilds to satisfy =dev-libs/apr-1*. (dependency required by www-servers/apache-2.2.10 [ebuild]) (dependency required by apache [argument]) Does look like an informative message to me rather than a hissy fit. -- Eray
Re: [gentoo-user] eliminating packages/ebuilds from the portage tree
On Thu, Apr 09, 2009 at 12:52:18AM -0400, Valmor de Almeida wrote: There are a couple of packages (ebuilds) in the portage tree that I would like to eliminate completely from my system and not get them back after an emerge --sync. Is this possible? You can exclude part of the tree with PORTAGE_RSYNC_EXTRA_OPTS in /etc/make.conf: http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=3chap=5 -- Eray
Re: [gentoo-user] eselect-news
On Tue, Apr 07, 2009 at 12:21:12PM -0500, Dale wrote: Just to make sure my light bulb is burning correctly, after I upgrade I can see the message or after I sync and use eselect the message will appear? I'm trying to figure out if the horse is in front of the cart or behind it. o_O After sync, you will get a reminder that there is a news item. Then you eselect news list to see what it is. Pretty neat if you ask me. -- Eray
Re: [gentoo-user] Kernel update messed up console encoding
On 28.02.2009 12:34, Florian v. Savigny wrote: [...] I'll follow your suggestion and re-post the problem on gentoo-user-de, although I think running into that sort of problem might happen to anybody who uses a European language other than English (one of those covered by iso-8859-1, more precisely), so comments here are still welcome! But who still sometimes uses the console, except me? A lot of people use the console. I certainly do. But I, and I would assume majority of console users, switched to UTF-8 quiet some time ago as was suggested earlier in the thread. Hence, the lack of useful advice. Good luck. -- Eray
Re: [gentoo-user] Commenting out multiple lines in vim
On 13.02.2009 07:48, Stroller wrote: On 13 Feb 2009, at 00:53, Philip Webb wrote: 090212 Stroller quoted: In vim, you can just select the rectangular region with Ctrl-v, then type I#ESC. This will insert # in each line at the same column. If you want to comment a series of lines m-n , it's quicker to do : :m,ns/^/#/ I saw similar comments in my Google searches, but I am flummoxed how one could find it so. Is it only on my keyboard that forward-slash is a lower-case character that is accessed *without* the shift key deployed? How do you know m n? Column and line numbers are shown on the lower right part of the screen. Surely it's easier just to highlight the lines? Not when you are working with the keyboard most of the time. Taking your hands off the keyboard to use the mouse is time consuming and becomes rather annoying. -- Eray
Re: [gentoo-user] Postfix and Domainkeys
On 14.01.2009 06:24, Jason Carson wrote: On 12.01.2009 00:13, Jason Carson wrote: Greetings, I am trying to setup postfix with domainkeys. I installed dk-milter and ran the following as I was told to do after emerging it ... DomainKeys is deprecated and is replaced by DKIM. You are much better off using mail-filter/dkim-milter. If you are using amavisd-new with your postfix, I suggest you use amavisd-new to check and sign your mail and do not use milters at all. Can I use both dk-milter and dkim-milter simultaneously? Yes you can use both simultaneously. First sign with domainkeys and then with DKIM. -- Eray
Re: [gentoo-user] Postfix and Domainkeys
On 12.01.2009 00:13, Jason Carson wrote: Greetings, I am trying to setup postfix with domainkeys. I installed dk-milter and ran the following as I was told to do after emerging it ... DomainKeys is deprecated and is replaced by DKIM. You are much better off using mail-filter/dkim-milter. If you are using amavisd-new with your postfix, I suggest you use amavisd-new to check and sign your mail and do not use milters at all. [...] * After you configured your MTA, publish your key by adding this TXT record to your domain: * default._domainkey IN TXT g=; k=rsa; t=y; o=~; p=keygoeshere * t=y signifies you only test the DK on your domain. * See the DomainKeys specification for more info. but I don't understand what this part mean... You need to publish your public key in your DNS server so that others can check your signature. * Make sure you add these parameters to your dk-filter command line: * -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private -S default ...Anyone know what to do? You need to read up on DKIM (or domainkeys if you want to go that way). Links below should get you started: http://www.dkim.org/ http://en.wikipedia.org/wiki/DomainKeys http://www.ijs.si/software/amavisd/amavisd-new-docs.html#dkim http://www.postfix.org/MILTER_README.html -- Eray
Re: [gentoo-user] Postfix and Domainkeys
On 12.01.2009 17:33, Jason Carson wrote: [...] I don't understand what this part below means... Make sure you add these parameters to your dk-filter command line: -b sv -d your-domain.com -H -s /etc/mail/dk-filter/default.private -S default I tried the following two commands with no luck dk-filter -b sv -d jasoncarson.ca -H -s /etc/mail/dk-filter/default.private -S default ...and... /etc/init.d/dk-filter -b sv -d jasoncarson.ca -H -s /etc/mail/dk-filter/default.private -S default ...any other suggestions or am I doing something wrong? It's been awhile but: Make the necessary changes: vi /etc/mail/dk-filter/dk-filter.conf and start the milter: /etc/init.d/dk-filter start -- Eray
Re: [gentoo-user] kernel linux-2.6.27-gentoo-r7 won't load network!
On 06.01.2009 12:14, Steven Susbauer wrote: Dirk Heinrichs wrote: Am Dienstag, 6. Januar 2009 02:56:28 schrieb Denis: I have Intel network hardware that runs on the E1000 driver Did you try e1000e? Bye... Dirk e1000e had been disabled in 2.6.27 versions, was it put back in by -r7? Supposed to be back in 2.6.27-r1. Can't check at the moment tho. http://bugs.gentoo.org/show_bug.cgi?id=238489 -- Eray
Re: [gentoo-user] kerberos use flag
On 08.11.2008 17:27, Allan Gottlieb wrote: Today's emerge --ask --verbose --deep --tree --newuse --update world turned up a bunch of reinstalls due to -kerberos*. I have not changed make.conf. Did some profile change? Output from emerge --info is below. Kerberos was removed from desktop profile. It should not have been a global use flag anyway. Good call from the dev team. Do we really want to turn kerberos on for all packages that support it? http://archives.gentoo.org/gentoo-dev/msg_dff704cd21b8b72dca61a4f16363502f.xml
Re: [gentoo-user] Circular blocks after last night's sync?
On Tue, Oct 28, 2008 at 03:09:00PM -0400, Allan Gottlieb wrote: I have unmerged all the files involved in the blockage allan Mail # emerge --ask --unmerge e2fsprogs e2fsprogs-libs ss com_err These are the packages that would be unmerged: --- Couldn't find 'e2fsprogs' to unmerge. --- Couldn't find 'e2fsprogs-libs' to unmerge. --- Couldn't find 'ss' to unmerge. --- Couldn't find 'com_err' to unmerge. No packages selected for removal by unmerge But when I do an emerge world I still get the blockage (I previously tried emerge -1 e2fsprogs, which brought in e2fsprogs-libs, but still gave the blockage shown below). Careful with the unmerges. Check the following for the gory details and possible work arounds: http://bugs.gentoo.org/show_bug.cgi?id=234907 http://bugs.gentoo.org/show_bug.cgi?id=244511 Such a mess. -- Eray
[gentoo-user] recover from disk crash lvm2 group
Hello, One of the disks in a 3-disk lvm2 group crashed. I would like to continue with the remaining 2 disks. How to remove the non-functioning disk from the group and re-create the volume with 2 disks? I have backups. # vgremove home_vol Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Volume group home_vol not found # vgscan Reading all physical volumes. This may take a while... Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Couldn't find device with uuid 'D0HvzD-Vw9B-40Vd-NSn1-RW0d-SlVF-pM4jOH'. Couldn't find all physical volumes for volume group home_vol. Volume group home_vol not found Thank you Eray
Re: [gentoo-user] recover from disk crash lvm2 group
On 02.08.2008 15:02, Albert Hopkins wrote: On Sat, 2008-08-02 at 12:49 +0300, Eray Aslan wrote: [...] One of the disks in a 3-disk lvm2 group crashed. I would like to continue with the remaining 2 disks. How to remove the non-functioning disk from the group and re-create the volume with 2 disks? I have backups. [...] The lvm(8) man page lists the --partial flag. A quick Google search reveals: vgchange -ay --partial Grr, it does indeed. For the archives, also had to use vgreduce with --removemissing flag. Sorry and thank you for the quick response. Eray
Re: [gentoo-user] Gentoo router for multiple ISPs?
On 12.04.2008 21:11, Mark Knecht wrote: Hi all, I need to get a second ISP line into the house. I currently have a cable modem but it goes down once in a while and my work requires higher reliability so I was thinking of getting a DSL line to supplement it. I'd like to investigate creating some sort of firewall/router that could do the following: 1. Load balancing is easy. Just read up on it. http://lartc.org/ is a good start. Basically, you will have to modify your iptables and routing table rules. 2. Check the time extension of iptables. Also many services and daemons have in built facility for day and time based access control. For example xinetd offers data and time based access control. You might want to go that route depending on what service you want to control. 3. Automatic failover is the hard part. AFAIK, Linux can determine if the next hop is down and do automatic switch over. But if you have a problem further down the line, kernel won't detect it. For DSL, you might want to use your modem as a bridge and connect directly with PPP to your ISP so that you can detect if the link goes down (that seems to be most common case). I do not know if the same is possible with cable modems as I have not used one in a long time. Another alternative is to run a cron job that pings a certain host(s) on the internet and depending on the result adjusts the routing the table accordingly. HTH -- Eray 1) Load balance between the two lines during the day. I get download speeds of about 6Mb/S from my current Cable Modem and supposedly about 3Mb/S from the DSL. I'd like to get something like 8-9Mb/S aggregate from the two together if possible. 2) I need rules that keep certain machines off of the cable modem during specific hours. 3) I MUST have some sort of AUTOMATIC switch over such that if one line goes down the second line takes over and runs everything while at the same time informing me that a line is down. This machine must be able to test, once a minute or faster, that both lines are up and take action immediately if something is wrong. It must then correct if the down line comes back up. 4) I can either use this same machine as a firewall or I can simply hook it to my existing LinkSys since I'll still need wireless to get around the house. I figure I'll run the LinkSys inside this Gentoo machine anyway. I figure I'll want a firewall on this machine since it will be directly on the net anyway. Are features like this available in some sort of package from portage? Note that I'd be perfectly happy buying some box for less than $100-$200 that could do all of this automatically but I haven't found one yet. Thanks, Mark -- gentoo-user@lists.gentoo.org mailing list
Re: [gentoo-user] Gentoo on the server side
On 01.12.2007 09:03, Alan wrote: This used to be a debian system and was moved over to gentoo about 4 years ago when I had been spending lots of time with gentoo on my desktop at home. I like gentoo, however I would exercise caution if you're deploying on real systems. We have also moved from binary distros to Gentoo a few years ago. Basically it was a choice between linux (gentoo) and *BSD. [...] The less updates, the less surprises and the less chance you'll somehow accidently break someone's site doing a simple update late some night. Gentoo is still a fairly moving target in this respect. Agree with the moving target bit. I think the secret is that if you run with gentoo you have to be prepared to upgrade EVERYTHING fairly often, and not bit by bit if you're uncomfortable with something it might be upgrading. I find that there are really two relatively pain-free upgrade policies for a production system. Either upgrade fairly often or forklift upgrade i.e. remove the old server and intall the new one. And yes, I do plan to just bit the bullet and backup, upgrade everything and then deal with any upgrade pains as they come. Just not sure quite when :) Good luck :) -- Eray -- [EMAIL PROTECTED] mailing list
[gentoo-user] Netfilter TRACE target?
How do you get the TRACE target to work in iptables? north ~ # /sbin/iptables -t raw -A PREROUTING -j TRACE iptables v1.3.8: Couldn't load target `TRACE':/lib/iptables/libipt_TRACE.so: cannot open shared object file: No such file or directory Try `iptables -h' or 'iptables --help' for more information. Sure enough, libipt_TRACE.so is not there: north ~ # ls -la /lib/iptables/*TRACE* ls: cannot access /lib/iptables/*TRACE*: No such file or directory TRACE is enables in the kernel config and extensions use flag is enabled for iptables: north ~ # uname -r 2.6.23-gentoo-r1 north ~ # zgrep NETFILTER /proc/config.gz CONFIG_NETFILTER=y # CONFIG_NETFILTER_DEBUG is not set CONFIG_BRIDGE_NETFILTER=y CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_NETLINK_QUEUE=y CONFIG_NETFILTER_NETLINK_LOG=y CONFIG_NETFILTER_XTABLES=y CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y CONFIG_NETFILTER_XT_TARGET_CONNMARK=y # CONFIG_NETFILTER_XT_TARGET_DSCP is not set CONFIG_NETFILTER_XT_TARGET_MARK=y CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m CONFIG_NETFILTER_XT_TARGET_NFLOG=m CONFIG_NETFILTER_XT_TARGET_NOTRACK=m CONFIG_NETFILTER_XT_TARGET_TRACE=y CONFIG_NETFILTER_XT_TARGET_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_COMMENT=m CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m CONFIG_NETFILTER_XT_MATCH_CONNMARK=y CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m CONFIG_NETFILTER_XT_MATCH_DCCP=m CONFIG_NETFILTER_XT_MATCH_DSCP=m CONFIG_NETFILTER_XT_MATCH_ESP=m CONFIG_NETFILTER_XT_MATCH_HELPER=m CONFIG_NETFILTER_XT_MATCH_LENGTH=y CONFIG_NETFILTER_XT_MATCH_LIMIT=y CONFIG_NETFILTER_XT_MATCH_MAC=m CONFIG_NETFILTER_XT_MATCH_MARK=y CONFIG_NETFILTER_XT_MATCH_POLICY=m CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m CONFIG_NETFILTER_XT_MATCH_QUOTA=m CONFIG_NETFILTER_XT_MATCH_REALM=m CONFIG_NETFILTER_XT_MATCH_SCTP=m CONFIG_NETFILTER_XT_MATCH_STATE=y CONFIG_NETFILTER_XT_MATCH_STATISTIC=m CONFIG_NETFILTER_XT_MATCH_STRING=m CONFIG_NETFILTER_XT_MATCH_TCPMSS=y CONFIG_NETFILTER_XT_MATCH_U32=m CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m north ~ # emerge -vp iptables These are the packages that would be merged, in order: Calculating dependencies... done! [ebuild R ] net-firewall/iptables-1.3.8-r2 USE=extensions -imq -ipv6 -l7filter -static 0 kB Total: 1 package (1 reinstall), Size of downloads: 0 kB Any ideas? Thank you -- Eray -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] how do you keep up with system administration?
On 30.05.2007 10:21, Neil Bothwick wrote: This runs in the early hours, so I can read it whenever it suits me during the day and apply the changes as I want. I run testing, so frequent updating is a good thing; with a stable system, weekly would be fine, but the longer you leave it the more work is involved. I find that there are 2 problem-free approaches to updating. Either you update frequently or you forklift update the server, i.e. get the server out of the server room and install a new machine. -- Eray -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] IMAP server recommendations.
On 17.05.2007 06:52, Josh Helmer wrote: I was just looking for some opinions. I am replacing my current mail server. Right now I am using courier-imap and I am happy with it. The only thing that concerns me is that I have heard grumblings that courier has some security issues. I was just curious which IMAP server other people would recommend or perhaps if I am best off just sticking with what I know. My current setup is very simple. My only real requirements are SSL and maildir support. I connect using either Kmail or Thunderbird. We recently switched from courier-imap to dovecot (imaps only maildir support with Thunderbird and squirrelmail as mail clients). Peak load went from 10-12 to about 1 and response is much better especially on big folders. If your server is not heavily used, I suggest that you stick with what you know. Otherwise, you can give dovecot a try. -- Eray signature.asc Description: OpenPGP digital signature
[gentoo-user] mysql emerge error
Hello, New server. While emerging mysql, I got the following: [...] make[4]: Entering directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase/trx' Makefile:251: .deps/trx0purge.Po: No such file or directory make[4]: *** No rule to make target `.deps/trx0purge.Po'. Stop. make[4]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase/trx' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase' make[2]: *** [all] Error 2 make[2]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql' make: *** [all] Error 2 !!! ERROR: dev-db/mysql-5.0.38 failed. Call stack: ebuild.sh, line 1614: Called dyn_compile ebuild.sh, line 971: Called qa_call 'src_compile' environment, line 4489: Called src_compile ebuild.sh, line 1304: Called mysql_src_compile mysql.eclass, line 605: Called die !!! emake failed !!! If you need support, post the topmost build error, and the call stack if relevant. !!! A complete build log is located at '/var/log/portage/dev-db:mysql-5.0.38:20070420-074312.log'. Couldn't find a related bug. Any ideas what might be causing this? emerge --info below. Thanks. sunny ~ # emerge --info Portage 2.1.2.2 (default-linux/amd64/2006.1/no-multilib, gcc-4.1.1, glibc-2.5-r0, 2.6.18-hardened-r6 x86_64) = System uname: 2.6.18-hardened-r6 x86_64 AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ Gentoo Base System release 1.12.9 Timestamp of tree: Thu, 19 Apr 2007 15:50:01 + dev-lang/python: 2.4.3-r4 dev-python/pycrypto: 2.0.1-r5 sys-apps/sandbox:1.2.17 sys-devel/autoconf: 2.13, 2.61 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10 sys-devel/binutils: 2.16.1-r3 sys-devel/gcc-config: 1.3.15-r1 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.17-r2 ACCEPT_KEYWORDS=amd64 AUTOCLEAN=yes CBUILD=x86_64-pc-linux-gnu CFLAGS=-march=k8 -O2 -pipe CHOST=x86_64-pc-linux-gnu CONFIG_PROTECT=/etc CONFIG_PROTECT_MASK=/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo CXXFLAGS=-march=k8 -O2 -pipe DISTDIR=/usr/portage/distfiles FEATURES=buildpkg distlocks metadata-transfer sandbox sfperms strict GENTOO_MIRRORS=ftp://ftp.ankara.edu.tr/gentoo/ http://gentoo.osuosl.org/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.ntua.gr/pub/linux/gentoo/ ftp://ftp.linux.org.tr/pub/mirrors/gentoo/; MAKEOPTS=-j2 PKGDIR=/usr/portage/packages PORTAGE_RSYNC_OPTS=--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-* PORTAGE_TMPDIR=/var/tmp PORTDIR=/usr/portage SYNC=rsync://rsync.europe.gentoo.org/gentoo-portage USE=amd64 berkdb cjk crypt hardened mysql ncurses nls nptl pam perl pic python readline snmp ssl tcpd unicode xml ALSA_CARDS=ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci ALSA_PCM_PLUGINS=adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol ELIBC=glibc INPUT_DEVICES=keyboard mouse evdev KERNEL=linux LCD_DEVICES=bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text USERLAND=GNU VIDEO_CARDS=apm ark ati chips cirrus cyrix dummy fbdev glint i128 i810 mga neomagic nv rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo Unset: CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY -- Eray -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] mysql emerge error
On 20.04.2007 11:06, Eray Aslan wrote: [...] make[4]: Entering directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase/trx' Makefile:251: .deps/trx0purge.Po: No such file or directory make[4]: *** No rule to make target `.deps/trx0purge.Po'. Stop. make[4]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase/trx' make[3]: *** [all-recursive] Error 1 make[3]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase' make[2]: *** [all] Error 2 make[2]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql/innobase' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/dev-db/mysql-5.0.38/work/mysql' make: *** [all] Error 2 Sorry for replying to my own email. mysql-5.0.34 builds fine. Bugged 5.0.38: http://bugs.gentoo.org/show_bug.cgi?id=175331 -- Eray -- [EMAIL PROTECTED] mailing list
Re: [gentoo-user] Squirrelmail plugins the Gentoo way?
On 09.03.2007 02:22, Grant wrote:
[...]
It appears squirrelmail is installed with the crypt USE flag. 'equery
uses squirrelmail' says this about crypt:
Add support for encryption -- using mcrypt or gpg where applicable
Does anyone know if that is the gpg plug-in or not? If so, does
anyone know how to enable it for use in squirrelmail?
From squirrelmail-1.4.9a.ebuild:
RDEPEND=virtual/php
[...]
crypt? ( app-crypt/gnupg )
[...]
if use crypt; then
docinto gpg
for doc in plugins/gpg/README plugins/gpg/README.txt
plugins/gpg/INSTALL plugins/gpg/INSTALL.txt plugins/gpg/TODO; do
dodoc ${doc}
rm -f ${doc}
done
fi
So yes. It installs the g/pgp plugin for you. I prefer to install the
plugins by hand. There are just too many plugins and not enough USE
flags. No problems so far.
Enabling g/pgp plugin is like enabling any other plugin. Untar into
plugins directory, read the documentation, adjust as needed and run
conf.pl to enable the plugin.
--
Eray
signature.asc
Description: OpenPGP digital signature
Re: [gentoo-user] I think my machine is being used for spam
On Fri, September 15, 2006 8:48 am, Kevin O'Gorman wrote: My mail queue is chock full of messages that appear to be error-reports from MAILER_DAEMON to the effect that some piece of mail is undeliverable. The form of the messages is baffling to me, and I cannot figure out what the original message was or where it came from. All of the addresses seem bogus. [snip] Most probably you did not configure Postfix to reject all mail for non-existent recipients. We cannot tell if this is really the case without furher information. If you did not, read and implement: http://www.postfix.org/BACKSCATTER_README.html This is really a question for postfix-users list. -- Eray -- gentoo-user@gentoo.org mailing list
Re: [gentoo-user] Guidance on encrypting my /home
On Sun, August 13, 2006 3:22 am, John J. Foster wrote: [snip] So, before I get to settled on using this, a few questions. Do you encrypt your home directory? /home and swap What apps and/or combination of apps do you use, and why? cryptsetupLUKS Which ciphers do you prefer? Why? AES and Serpent are popular choices AFAIK. Is it well supported? What apps and/or files don't play well with encrytion? DRBD. But then again it might work. I didnot spend too much time trying to make them play nice together. -- Eray -- gentoo-user@gentoo.org mailing list
[gentoo-user] high packet loss
Hello, I wanted to change the router/firewall at a small office lan to hardened gentoo. The machine in question sits between a consumer grade adsl modem and 3 different networks (so a total of 4 eth cards on the server). However, there is a high packet loss (25-50%) between server and adsl modem. cat /proc/net/dev reveals high error count on the receive side of the eth card connected to modem (transmit side has no errors). I changed the eth card and the network cable but the problem stays the same. The same eth card and cable works without any errors with a FC3 server. I am beginning to think that the errors are because of a faulty (on my part) sofware config. I am out of ideas to try. Any pointers to possible causes of high packet loss are highly appreciated. Thank you -- Eray -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] recommendatoin for a new server
El Nino mailto:[EMAIL PROTECTED] wrote: Dear friends,i'm planning on buying a server for running gentoo(will b our 1st gentoo server) with a mail+dns server(1000mails/per day).i'm looking for sata raid,amd opteron around 1GB ram. has anyone built a server recently that worked?1) can anyone give me a suggestions for a good(cost-effective) server(good with gentoo). Mailservers are generally I/O bound. So getting fast disks will help. Spam checking is generally CPU bound. So getting fast CPUs will help. You should design your mail server around peak usage rate, say max number of emails per hour, instead of per day. That being said, 1000 mails/day is really low volume and any modern and not-so-modern (meaning PIII) server can do the job without breaking a sweat. No need to spend big $$$ for such a volume. HTH Eray -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Out of portage
Renat Golubchyk mailto:[EMAIL PROTECTED] wrote: You can copy the ebuild to your overlay and patch postfix from there. If you don't have to do anything else before compiling it then it's as trivial as epatch /path/to/postfix.patch somewhere in src_unpack(). Doing it this way has the benefit of letting portage manage your packages. This seems to be the best way. And indeed it is trivial. You'll just have to keep an eye for upgrades, because they will probably come without this patch. If you want this patch to be included in postfix create a bug in bugzilla with the request. I don't think it is a good idea. I would not second guess Wietse (author of postfix) for the suitability of the patch for general consumption. Thank you for your help. Eray -- gentoo-user@gentoo.org mailing list
[gentoo-user] Out of portage
Hello, I am using portage for packet management. But there are a few programs (postfix for example) that I have emerged and now would like to manage myself. What is the best way to take a program out of portage without unmerging the program? Deleting the appropriate line from /var/lib/portage/world perhaps? Any side effects if I do that? Thank you. Eray -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] Out of portage
Renat Golubchyk mailto:[EMAIL PROTECTED] wrote: If postfix becomes a dependency of another package in the future it will get updated by portage regardless of it being in the world-file. Possible but unlikely. It is a stable mail server. I doubt we will add or remove any software in the near future. Abetter way would be to install it by hand in /usr/local which is reserved for user-managed programs. But you _will_ have to keep an eye on all the required libraries. If they get updated by portage it could break your local install of postfix unless you compile it statically. Thank you for the info. Another option would be to mask every version of postfix except of yours in package.mask. If you have to modify the ebuild copy it to your portage overlay and install it from there. Anyway, why do you want to manage those programs yourself? Because of this patch for postfix: http://sbserv.stahl.bau.tu-bs.de/~hildeb/postfix/duchovni/multi_instance.gz It makes managing / upgrading postfix with multi instances easier. But it seems sticking with portage and managing the (infrequent) upgrades by hand for the second instance of postfix is less work than messing with ebuilds. Thanks again. Eray -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] daemon monitoring programs
for some reason I've got a couple of daemons that keep going out to lunch on me. Are there any good tools for monitoring daemons and possibly restarting them when they go away? Write a small script running out of cron every x minutes or inittab (man 5 inittab) Do not forget to check the reason daemons quit on you. Eray -- gentoo-user@gentoo.org mailing list
RE: [gentoo-user] OT: Web mail suggestions...
Anybody out there able to point me to an existing open-source, solid package? Thanks! Dave I've had no problems with squirrelmail so far: www.squirrelmail.com Eray -- gentoo-user@gentoo.org mailing list
